Comment by indolering

8 hours ago

RSA is still fine given that you can't break it in a year and we aren't worried about forward secrecy.

Also, I worked for a DNS company. People stopped caring about ulta-low latency first connect times back in the 90s.

You are clearly very proud of your work devaluing DNSSEC. But pointing to lack of adoption doesn't make your arguments valid.

16 comments

indolering

ekr____ 8 hours ago

> People stopped caring about ulta-low latency first connect times back in the 90s.

They did? That's certainly going to be news to the people at Google, Mozilla, Cloudflare, etc. who put enormous amounts of effort into building 0-RTT into TLS 1.3 and QUIC.

indolering 7 hours ago
I did a large data analysis of DNS caching times across the web. Hyperscalers are the only ones who care and they fix that with insanely long DNS caching.
- ekr____ 7 hours ago
  
  I'm not trying to just nitpick you here, but, the message I was responding to said "People stopped caring about ulta-low latency first connect times back in the 90s.".
  It seems to me that you're saying here that (1) the hyperscalers do care but (2) it's under control. I'm not necessarily arguing with (2) but as far as the hyperscalers go: (1) they drive a lot of traffic on their own (2) in many cases they care so their users don't have to.
  
  12 replies →

tptacek 8 hours ago

I don't know about "valid". "Correct", maybe? "Prescient"?